Language Selection

English French German Italian Portuguese Spanish

Security: AccessEnforcer, Windows Ransomware Does Major Damage, Spammers Send Junk Mail to Thousands of Printers, Google Cleanup and More

Filed under
Security
  • VLANs and More Added to AccessEnforcer UTM Firewall

    AccessEnforcer Version 4.1 also updates firewall's operating system to OpenBSD 6.3. OpenBSD is one of the most secure operating systems in the world. Version 6.3 provides additional mitigations against the Spectre and Meltdown vulnerabilities and also mitigates against return-oriented programming and other memory corruption attacks. 

  • Norwegian aluminium firm slowly recovering from ransomware attack

     

    Norwegian aluminium maker Norsk Hydro says it has made some progress restoring its systems back to normal after being hit by Windows ransomware known as LockerGoGa on Monday evening.  

  • Spammers Send Junk Mail to Thousands of Printers

    Spam has been with us since the very first days of email, but a Russian marketing agency recently took things a stage further by sending good old-fashioned paper-based junk mail over the internet.

    The company claims to have advertised a graphic design course for its client Skillbox using a software bot that searched for online printers. It printed a one-page promotion on every device it found, directing them to a website boasting about its exploits.

    The website for the company's marketing campaign, which I am deliberately not linking to here, explains that "by the 2024", it is "94% likely" that bots will replace accountants, auditors, and financial analysts by the million. Consequently, it says, accountants (or anyone else worried about being replaced by AI) should learn graphic design instead. The stats come from a five-year-old Oxford Martin School report, but that needn't concern us here.

    What's more interesting is another statistic: 600,000. That’s how many printers the marketing agency claim to have clogged up with advertising, according to this report from Graham Cluley.

    [...]

    It wouldn't be the first time that someone had spammed printers online. In December, a hacker calling himself TheHackerGiraffe spammed 50,000 printers promoting popular YouTube celebrity PewDiePie. Other incidents have been much darker. Nazi nerd Andrew Aurenheimer, a.k.a. Weev, sent white supremacist messages to every printer in North America that he could find instead of using Shodan, he used Masscan, which is a mass IP port scanner. 

  • Android clampdown on calls and texts access trashes bunch of apps

    Android looks a little less open now that Google has begun to enforce draconian new rules on accessing a phone's call and text logs.

    Developers have been forced to remove features or in some cases change the fundamental nature of the application. One example is BlackBerry's Hub, an email client which also aggregated notifications from a variety of apps and presented them chronologically in a timeline. This application has lost its ability to includes calls and texts in that timeline.

    Exceptions created by Google don't seem to be honoured, developers complained. One said that an enterprise archiving app – a category specifically exempt from the clampdown – has been broken.

    Another developer, Miroslav Novosvetsky of MobileSoft, rued that he might have to withdraw his Callistics usage monitor app altogether.

  • The martian packet case in our Neutron floating IP setup

    A community member opened a bug the other day related to a weird networking behavior in the Cloud VPS service, offered by the Cloud Services team at Wikimedia Foundation. This VPS hosting service is based on Openstack, and we implement the networking bits by means of Neutron.

    Our current setup is based on Openstack Mitaka (old, I know) and the networking architecture we use is extensively described in our docs. What is interesting today is our floating IP setup, which Neutron uses by means of the Netfilter NAT engine.

    Neutron creates a couple of NAT rules for each floating IP, to implement both SNAT and DNAT. In our setup, if a VM uses a floating IP, then all its traffic to and from The Internet will use this floating IP. In our case, the floating IP range is made of public IPv4 addresses.

More in Tux Machines

Security Leftovers

  • Why Are Cryptographers Being Denied Entry into the US?

    Is there some cryptographer blacklist? Is something else going on? A lot of us would like to know.

  • Security Engineering: Third Edition

    Today I put online a chapter on Who is the Opponent, which draws together what we learned from Snowden and others about the capabilities of state actors, together with what we’ve learned about cybercrime actors as a result of running the Cambridge Cybercrime Centre. Isn’t it odd that almost six years after Snowden, nobody’s tried to pull together what we learned into a coherent summary?

    There’s also a chapter on Surveillance or Privacy which looks at policy. What’s the privacy landscape now, and what might we expect from the tussles over data retention, government backdoors and censorship more generally?

  • Google halts some business with China's Huawei: report

    Huawei will reportedly no longer be able to access Android updates, the Gmail app, the Google Play store and new versions of Google phones outside of China.

  • Google restricts Huawei's use of Android

    Existing Huawei smartphone users will be able to update apps and push through security fixes, as well as update Google Play services.

    But when Google launches the next version of Android later this year, it may not be available on Huawei devices.

    Future Huawei devices may no longer have apps such as YouTube and Maps.

  • Forget Huawei, The Internet Of Things Is The Real Security Threat
    We've noted for a while how a lot of the US protectionist security hysteria surrounding Huawei isn't supported by much in the way of hard data. And while it's certainly possible that Huawei helps the Chinese government spy, the reality is that Chinese (or any other) intelligence services don't really need to rely on Huawei to spy on the American public. Why? Because people around the world keep connecting millions of internet of broken things devices to their home and business networks that lack even the most rudimentary of security and privacy protections. Week after week we've documented how these devices are being built with both privacy and security as a distant afterthought, resulting in everything from your television to your refrigerator creating both new attack vectors and wonderful new surveillance opportunities for hackers and state actors.

today's howtos

Android Leftovers

A Look At The MDS Cost On Xeon, EPYC & Xeon Total Impact Of Affected CPU Vulnerabilities

This weekend I posted a number of benchmarks looking at the performance impact of the new MDS/Zombieload vulnerabilities that also included a look at the overall cost of Spectre/Meltdown/L1TF/MDS on Intel desktop CPUs and AMD CPUs (Spectre). In this article are similar benchmarks but turning the attention now to Intel Xeon hardware and also comparing those total mitigation costs against AMD EPYC with its Spectre mitigations. This article offers a look at the MDS/Zombieload mitigations on a 1st Gen Skylake Xeon Scalable server as well as a Kabylake Xeon E3 server for reference. Following that is a look at the total CPU vulnerability mitigation costs for 1st Gen Xeon Scalable, 2nd Gen Xeon Scalable (Cascade Lake), and an AMD EPYC 2P server as well for its Spectre mitigations. As expected given Intel's guidance last week of their latest Xeon processors being mitigated for MDS, indeed, the dual Xeon Platinum 8280 Cascade Lake server reported it was not affected by the MDS mitigations and thus not enabled. So for the MDS tests up first it's just some reference results using a dual Xeon Gold 6138 Skylake server running Ubuntu 19.04 with the Linux 5.0 patched kernel and reference results side-by-side for a separate Xeon E3-1275 v6 server. Read more